Hi All, I am having trouble getting a reverse proxy working that is doing SSL termination / load balancing between graylog 2.0.3 servers.
I am getting the following error message. Error messagecannot GET https://graylog.corp.com/api/system/cluster/node (404) So we are having trouble accessing the API... To make things simple I have reduced the config to a single nginx node and single graylog server in the setup. When I access the server directly over http it works just fine. My nginx config looks like server { listen 443 ssl; server_name graylog.corp.com; access_log /var/log/nginx/graylog.access.log; error_log /var/log/nginx/graylog.error.log; ssl on; # SSL Config Redacted location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Graylog-Server-URL https: //graylog.corp.com/api; proxy_pass http://graylog1.corp.com:9000; } location /api/ { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_pass http://graylog1.corp.com:12900; } } My Graylog config looks like # REST API listen URI. Must be reachable by other Graylog server nodes if you run a cluster. # When using Graylog Collectors, this URI will be used to receive heartbeat messages and must be accessible for all collectors. rest_listen_uri = http://0.0.0.0:12900/ # REST API transport address. Defaults to the value of rest_listen_uri. Exception: If rest_listen_uri # is set to a wildcard IP address (0.0.0.0) the first non-loopback IPv4 system address is used. # If set, this will be promoted in the cluster discovery APIs, so other nodes may try to connect on # this address and it is used to generate URLs addressing entities in the REST API. (see rest_listen_uri) # You will need to define this, if your Graylog server is running behind a HTTP proxy that is rewriting # the scheme, host name or URI. # This must not contain a wildcard address (0.0.0.0). #rest_transport_uri = http://graylog.corp.com:12900/ # Enable CORS headers for REST API. This is necessary for JS-clients accessing the server directly. # If these are disabled, modern browsers will not be able to retrieve resources from the server. # This is enabled by default. Uncomment the next line to disable it. #rest_enable_cors = false # Enable GZIP support for REST API. This compresses API responses and therefore helps to reduce # overall round trip times. This is disabled by default. Uncomment the next line to enable it. #rest_enable_gzip = true # Enable HTTPS support for the REST API. This secures the communication with the REST API with # TLS to prevent request forgery and eavesdropping. This is disabled by default. Uncomment the # next line to enable it. #rest_enable_tls = true # The X.509 certificate chain file in PEM format to use for securing the REST API. #rest_tls_cert_file = /path/to/graylog.crt # The PKCS#8 private key file in PEM format to use for securing the REST API. #rest_tls_key_file = /path/to/graylog.key # The password to unlock the private key used for securing the REST API. #rest_tls_key_password = secret # The maximum size of the HTTP request headers in bytes. #rest_max_header_size = 8192 # The maximal length of the initial HTTP/1.1 line in bytes. #rest_max_initial_line_length = 4096 # The size of the thread pool used exclusively for serving the REST API. #rest_thread_pool_size = 16 # Enable the embedded Graylog web interface. # Default: true #web_enable = false # Web interface listen URI. It must not contain a path other than "/". web_listen_uri = http://0.0.0.0:9000/ # Web interface endpoint URI. This setting can be overriden on a per-request basis with the X-Graylog-Server-URL header. # Default: $rest_transport_uri web_endpoint_uri = https://graylog.corp.com Let me know if there are any other relevant sections of the graylog config that should be shown. -- You received this message because you are subscribed to the Google Groups "Graylog Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/graylog2/0fce6043-82cf-4cb4-a755-801b19736967%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
